
Intrusion Defense School Final Exam

07 Apr 2006


Intrusion Defense School


1. Which of the following describes the behavior of a worm?
  1. Malicious software that is disguised as a legitimate application; it doesn't propagate itself.
  2. Malicious software that infects other applications when the application is launched by the end user.
  3. Malicious software that is both self-contained and self-propagating.
  4. None of the above.
2. What is a black box network?
  1. Networks with significant monitoring and management capabilities in use.
  2. Networks with a unified threat management firewall.
  3. Networks with few connection points, and little or no monitoring and management capabilities in use.
  4. Networks with lots of connection points, and little or no monitoring and management capabilities in use.
3. Which of the following is not true about antispam compared to antivirus?
  1. Because spam only travels via email, redirecting traffic through a filter to detect spam is simpler than catching all potential virus activity.
  2. Both the false positive and false negative rates for antispam are much higher than those of antivirus software.
  3. End user features in antispam are critical to end-user satisfaction.
  4. Less spam gets past antispam defenses (than viruses) and fewer messages are misclassified as spam (than viruses).
4. Future access controls will be based on what?
  1. IP address
  2. Identity of the user
  3. User's location
  4. User's department
5. Why do today's networks have many unmanaged distributed control points?
  1. In the past, admins have had little need for knowledge about the network itself.
  2. There are significant financial incentives to building a network that has tens or a hundred times the needed capacity.
  3. Management and control components, such as IDSes and SIMs, are pricey.
  4. All of the above.
6. Network perimeter-based regulatory controls fall into one of three subcategories. Which of the following describes tools that attempt to monitor and manage the flow of sensitive information out of an organization?
  1. Auditing and logging tools
  2. Compliance tools
  3. Leak protection tools
7. Which of the following may get past virus scanners?
  1. Malware in an encrypted e-mail
  2. Malware in an encrypted Web session
  3. Malware in Web traffic on non-standard ports
  4. All of the above
8. Which of the following is not a good rule of thumb when building network perimeter antivirus?
  1. Whatever antivirus you're running at the desktop, run it at the network perimeter.
  2. Plan with the expectation that antivirus and antispyware will merge.
  3. Contradict the desktop.
  4. None of the above.
9. Which of the following is a best practice for making the business case for intrusion defense?
  1. Choose services based on what came with the UTM firewall you already have.
  2. Use FUD as your primary strategy for selling intrusion defense to upper management.
  3. Make the calculation of costs and expected benefits for any intrusion defense.
  4. Avoid using FUD at all costs to sell intrusion defense.
10. What are the best protection points for viruses?
  1. Desktop; unified threat management
  2. Edge proxy server; desktop; unified threat management
  3. Edge e-mail security appliance; unified threat management
  4. Edge e-mail security appliance; desktop

Check your score

  • 9-10 correct: You passed!
  • Fewer than 8 correct: Go back to Intrusion Defense School. Peruse our School overview and revisit the materials you need to freshen up on.